More and more business processes are executed by software applications being developed and deployed in communications networks. These “network-enabled applications” are typically installed on some form of computing hardware connected to a network, such as application servers on the Internet. Such application servers provide a platform for deploying, executing, and managing sessions with the applications. Once deployed, customers can initiate client-server sessions with the applications whereby the customers and applications communicate over the network to conduct some type of business offered by the application. The services provided to customers by an application are referred to as “business services” and have one or more underlying business processes. Business processes are composed of various “business activities” that are performed in association with business processes that embody the business services. Business activities are performed in the context of conducting some type of business between customers and the application's owner (referred to herein simply as a “business”).
Because more and more financial and retail activity is conducted online, losses due to fraud are on the rise and businesses urgently need to take steps to detect and reduce fraudulent activity. The Internet has also made customers faceless and, therefore, difficult to support in a personalized way. The commercial strength of the Internet, i.e., access to a large and diverse audience without the need for a local presence, is also a weakness. In the real world, you can learn over time the idiosyncrasies of individual customers and observe their behavior to understand their intent. This is not readily possible in online Internet transactions, where customers are remote and cannot be directly observed. Lacking the visual and verbal clues taken for granted in the physical world, companies have not been able to monitor the activity of individual customers in real time, or respond to such activities in real time. Thus, a host of criminal activities, including fraudulent purchases and financial transactions, identify theft, “phishing”, etc. are now based on online transactions. Detecting and preventing these activities is a significant priority for businesses with online operations.
Approaches to online fraud protection have typically relied on invasive practices of inserting fraud detection logic directly into online applications which, therefore, affects customers' experiences with such applications. Since fraud detection formulas are in constant need of refinement and updating and tuning, this approach slows the deployment of business related online application refinements, drains critical resources away into maintenance activities, and impacts the ability of the online business to focus on core business activities. Also, since the technology and design of each online application is different, it is practically impossible to efficiently reuse or leverage fraud detection formulas developed for other applications or other similar businesses. Additionally, approaches to online fraud protection are often based on some form of post-processing analysis rather than on real time analysis of business processes and activities.
One primary challenge with application-independent real time monitoring and detection of suspicious activities is regarding the sheer volume of data involved in online activity. A typical e-commerce site may serve tens of thousands of customers an hour, generating gigabytes of data. Keeping track of this massive amount of data flowing through the network, identifying and extracting the information that has a potentially fraudulent intent, and making it available to the right people in real time, poses significant challenges.
Any approaches that may be described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.